Today the New York Times published a piece on the explosion of cellphone thefts, the rise of the black market systems that wipe the phones and resell them, and the efforts - or alleged lack thereof - of carriers and manufacturers in not doing enough to prevent the thefts in the first place. The piece approaches the problem from all the wrong angles, and here's why...

Things go south almost immediately with a quote from District of Columbia Chief of Police Cathy L. Lanier, who says "The carriers are not innocent in this whole game. They are making a profit off this." Technically, yes, if a customer has to walk into a carrier store and buy a new phone because their previous one was stolen, then the carrier can take a profit on it. But the same rule applies if somebody steals my laptop or my car or my coffee when I'm not looking. I'm going to have to go buy a new one, and the seller is going to take a profit. That's how business works. Of course, with all of those excepting my unattended cup of coffee I can purchase insurance to cover their replacement cost on the occasion of all sorts of events, even thefts. That includes that smartphone.

I don't want to go down the "blame the victim" route, but let's be honest here: protecting something you hold in your hand and making it less desirable to purloin is not the job of manufacturers or carriers. In fact, they're in the business of making devices more desirable, because they want you to buy them. That a product being more attractive to legitimate buyers also makes it more attractive to thieves is just the way things are.

Once you walk out of the store with that shiny new iPhone or Lumia or Galaxy or BlackBerry, it's no longer the carrier's or manufacturer's responsibility to maintain physical security of the device. It's yours. Chief Lanier's jurisdiction saw a record of 1829 cellphone thefts in 2012, an average of nearly seven per day.

New York City Mayor Michael Bloomberg singled out the theft of Apple iPhones and iPads accounted for 14% of crimes, supposedly making them single-handedly responsible for an uptick in the overall crime level for the city. While there's little doubt that many New Yorkers were robbed specifically for their Apple-branded devices, that 14% involves all crimes where iPhones and iPads were stolen, not just people who were targeted for daring to brandish an iPhone in public.

Continuing to harp on the "iPhone thefts driving rising crime rates" theme, we have to consider that the iPhone and iPad are highly popular devices. They sell incredibly well and report after report have shown that owners use them more heavily than those who have purchased other devices. There are more people who are using iPhones and other smartphones on the streets, and thus more targets of opportunity.

As The New York Times points out, carriers and manufacturers are working to make stealing smartphones they sell more of a pain. The major US carriers have partnered with law enforcement across the country to launch a stolen phone database. It is essentially a list of the unique IMEI numbers (International Mobile station Equipment Identity) from phones that have been reported stolen. Once a phone's on the list, in theory an attempt to activate it on the network should throw up red flags.

Unfortunately for these efforts, if you know what you're doing it's relatively easy to modify a phone's IMEI and circumvent the database. There's no law against it, but that's something that New York Representative Eliot Engel (D) wants to change with the introduction of the Cell Phone Theft Protection Act to the United States Congress. The legislation is intended to discourage the theft of cell phones by "requiring wireless commercial services to cut off service to a stolen phone" by creating a national stole phone database (done - independently by carriers and law enforcement without prompting of the federal government), requiring all phones in the US to have unique ID numbers (done - the IMEI was created by the industry for exactly this reason), mandating that carriers make it possible for customers to remotely wipe their devices (manufacturers are on this), and making it illegal to alter a phone's IMEI.

The last point is really the only "new" item to US law in Engel's legislation. It's already against the law in countries like the UK and Latvia to alter a phone's IMEI, expressly with the goal of suppressing phone theft and resale. There's just one rub, though: the act of stealing is already illegal. Altering an IMEI is trivial compared to actually stealing the phone, making doing so illegal isn't going to cause any crook to second guess what they're doing.

Manufacturers too have been on the track of working to make their phones less desirable to be stolen, or at the very least protect the data of the owner once they are. Apple, BlackBerry, Microsoft, and others offer built-in services for their devices that enable you to remotely track, ring, lock, and wipe devices on your account (BlackBerry and Microsoft also allow you to display a message on the device). These sort of features aren't built into Android by Google, however, unless you're on a Google Apps account. Numerous third-party apps are available to add remote security features to Android devices.

The issue with those services is one of consumer awareness. Most simply aren't aware that they have the option to remotely wipe a device if it's been stolen. Many would probably be pleased by the ability to remotely command their phone make a sound so they can figure out where they left it last night.

Of course, all of these services do no good if the phone's radios are turned off - once it's off the internet, no amount of back-end services are going to enable you to remotely wipe the phone. Criminals have grown saavy enough to know that the first thing you do after stealing somebody's phone is turn it off, if not immediately wipe it yourself. To imply, as Chief Lanier, Mayor Bloomberg, Representative Engel, and others have, that iPhones and Galaxies and Lumias are driving crime rates and that it's the responsibility of carriers and manufacturers to do something about it is absurd.

Carriers and manufacturers have been for some time working to minimize the incentive to steal smartphones. They're operating on market forces; consumers don't like it when the smartphone they've come to rely upon is stolen, so the industry has an incentive of their own to make it less desirable to steal them in the first place. The manufacturers and carriers that build the best systems to protect the data on a smartphone (and that's usually the most distressing part to anybody who has lost possession of their device) and do the best job of marketing that to customers will reap the benefits from customers who opt to buy their product.

The same game played out nearly a century ago as the automobile. As automobiles began to grow in popularity, so did theft of the new horseless carriages. Manufacturers eventually began to include alarms and immobilizers to deter against vehicle theft. Today, cars can be equipped with two-way alarm systems that alert you of exactly what's happening to your in distress automobile. But that hasn't stopped grand theft auto in the slightest sense. There are more cars on the road today than at any time in history, and everything from expensive and security-laden new Cadillac Escalade SUVs to old Honda Accord and Toyota Camry sedans continue to be stolen every day. If something is desirable, thieves will find a way to get their hands on it.

As technology advances, so will the techniques of criminals. No amount of technology is going to make it any less desirable to steal the smartphone I hold in my hand. It's an expensive piece of technology, and while we can do much to safeguard the data it holds, that data isn't what thieves are usually after - it's the hardware itself. Protecting my phone once I've walked away from the sales desk in the carrier store is my responsibility and my responsibility only. I don't hold Starbucks as responsible for the physical security of my coffee nor would I consider Honda complicit if somebody stole by car.

Just because it's a popular target for thieves doesn't mean make my smartphone any different.

Reader comments

you may be too young to remember that stealing car stereos used to be a big epidemic. Know how it stopped? The mfgs started making products that were rendered useless when removed from the vehicles. You also see this with automobiles; care to guess why vehicles with OnStar aren't stolen more than other cars? It's because they are rendered inoperable once the theft is reported.

Theft of stereos stopped being a big problem mostly because of the wonders of mass production. Car stereos fell so much in price that you can buy one today for 20-30$. It ceased being valuable enough to steal.

The falling prices also caused car manufacturers to put decent stereos in their cars. The factory installed models are practically impossible to steal, and because they were good enough for the vast majority of people, the demand for cheap, stolen stereos dropped like a rock.
(pretty much even the cheapest model these days include a CD player...)

And BTW Cars with onstar and other tracking systems get stolen too. They just get exported to third world countries, which would undoubtedly happen with cell phones too if a similar carrier operated system got introduced...

Go to crutchfield (or any audio store) and look at car stereos. The average price is around $265. If anything stereos have been getting more expensive over time due to DVD.
Google the top 20 stolen cars based on Insurance data. Not one of them is an OnStar vehicle.

Many, many smartphones get stolen from demonstration tables in carrier stores and electronics retailers every single day. All of those have to be replaced, at enormous cost, materially offsetting the profit margins on smartphones re-sold to customers whose were lost or stolen. Retailers are victims of theft, too. To imply that they profit from thievery is absurd.

"No amount of technology is going to make it any less desirable to steal the smartphone I hold in my hand"

Uhhh, sure....

So, why can't they make the phones where the IMEI is unable to be changed?

I'll give you the benefit of the doubt and stipulate that there IS a reason.

So, why can't they manufacture the CPU in each smartphone so that it has a hardwired CPUID (like, for example, on Intel PC processors)? It should not need to be required, but if the manufacturers and carriers don't/won't do it on their own, why shouldn't, say, the FCC mandate that each phone have an unchangeable ID embedded in the CPU, and that the carriers share with each other the IDs of phones that are reported lost or stolen?

Who would steal a phone if they KNOW that it can never be used again after it's stolen? Answer: virtually nobody. Why? Because nobody would BUY a phone like that, and if nobody will buy it and the thief can't use it him or herself, then the majority of them won't bother stealing them.

It also wouldn't hurt if the carriers would allow users to opt into a reward program for lost phones. Take away the market for stolen phones and give a reward for people who find phones and take them to the nearest office of that carrier for a small reward (say $25 or $50? - still cheaper than the deductible to replace a phone via insurance) and you'll still have a few people who will steal phones just to get the reward, but at least people who lose their phones will have a reasonable chance at getting them back.

A reward program like that would just cause a massive spike in phones "stolen" from people who want to get their free 50 bucks. (And who could blame them, really?)

The CPU ID codes is also a really dumb idea for numerous reasons...
1: It would cost money to implement, and who do you think the costs would be pushed on? The consumers. And I dont want to pay more just because you can't look after your phone.
2: There is a vast market in used phones. A CPU identifier would interfere in a massive way. Want to bet that your friendly carrier would come up with a 50$ fee to "transfer ownership" or some nonsense like that?

The IMEI system is perfect as it is, since it provides a degree of accountability, but isn't overly aggressive or imposing.

Oh, and the last and most important reason why CPU IDs is a garbage idea? There's no practical way to implement it worldwide. If it was introduced through US carriers or the FCC, a cellphone thief would just pay 5-10$ to have it shipped to Mexico or Ukraine or France where the phone could be used again.

In the meantime, you can bet that the price of this useless programme would be passed on to the consumers...

I think that one way to help try to prevent this is for the phone not to be able to be powered off without knowing the pass code for the phone. As well as not being able to restore the phone if it has a pass code enabled. But the number one way to prevent or help prevent is always be aware of your surroundings.

I think the phone makers do have some level of responsibility- the same as a car manufacturer has a responsibility to fit a decent car door lock. They should take reasonable measures if they can.

I'd like to see a worldwide blacklist for iOS devices (enforced at the operating system level, so it doesn't require the cooperation of all the carriers around the world). After a SIM change this world database should be checked the next time a data connection becomes available (mobile OR wi-fi) on iPhone, or maybe every week or so on iPad and iPod touch.

If your phone is stolen or you lost your phone someone should not be able to take that phone and activate it. The phone should be locked and prevent anyone from activating the phone. Right now the stolen phones are being sold and reactivated. The theft is making a profit and the carrier is making a profit.

I had a conversation on this subject the other day with a friend. I don't think manufacturers or carriers need to do anything. People need to learn to protect their own stuff. Take a look around next time you are in a public place. Look at how many people leave their phones unattended. I was at the bar with my friend and we saw people leave their phones at the bar while they went to the restroom. You go to a department store and you will see people place their phones on a display while they walk around to look at stuff. At some point there has to be personal responsibility.

I think the most important point of this whole story concerning stolen smartphones is a point that everyone is missing: Say the carriers do more to thwart the theft of the devices - well first of all the thieves need to know that the devices imei cannot work, but the whole point is that if the phone is stolen, whether the thieves can reprogram it or not, the original owner is not going to get back his phone. Nice Mr. theif is not going to return a phone that cannot be reprogrammed or activated - the phone is simply going to be tossed or used for parts and the original problem is still there - the rightful owner of the device having to replace it. Owning an expensive smartphone today is somewhat like owning expensive sneakers in certain neighborhoods a decade or two ago - thieves would not only steal the sneakers but the owners of the sneakers would get hurt. It is a no win situation. it is no different than someone stealing your wallet - a theft is going to happen no matter what safeguards any manufacturer or carrier puts on the phone.

While I do agree that manufacturers and carriers do not have any obligation to deter theft, I also think they could if they wanted to. Right now it is in their best interest for stolen phones to be easily formated and resold, so we will see very little security initiatives.

If manufacturers and carriers were losing sales due to theft, we would see solutions in a heartbeat. For instance, making the iPhone IMEI hardcoded, tying it to your Apple ID and only releasing the phone if you allowed it would be simple enough.

So, both sides have valid arguments, but if we follow the money it is easy to see that there is really no incentive, specially from carriers, to minimize theft profitability.

The point missed at least from the carrier's prospective is that the phone doesn't operate without their network. So they are complicit in the theft, or the use of the stolen property. It would be like dealerships owning the road when those cars are stolen. The carrier tracks the identification numbers of the stolen phone, so their network knows when your stolen phone is being used but do nothing about it. That creates a legal obligation. Other providers outside the US have blacklists which deter theft so that reported stolen phones cannot register on the network. ATT Tmo and others have just recently started the blacklist in the states after legal and social pressures to do so.

I do think there is more carriers can do though. I mean, they *can* track where phones are, even with Find my iPhone off. They could hand it off to the police.

There is then the other side of this though, a criminal sells his iPhone on Craigslist, then says "It was stolen!" and calls the cops/carrier, he can then theoretically get his iPhone and the money he sold it by denying that he sold it. I mean, yeah, a cop would say "It's possible the other guy sold the iPhone", but a carrier wouldn't.

If only Apple were working on some kind of security system that could render stolen devices useless without their owner being present... Oh wait, fingerprint technology and potentially a proximity iWatch security system ARE being worked on...